1.800.290.5054 (U.S./Canada)
1.210.308.8267 (Worldwide)

Contact Us Request Free Trial

Skip Navigation LinksHome > Products & Services > Enhanced File Transfer (EFT) > Capabilities > FIPS Validation

Enhanced File Transfer (EFT) - FIPS Validation

Why is FIPS Validation Important?

Most government agencies such as the Department of Defense require FIPS validation for the commercial systems they purchase to protect the integrity of data traffic traveling across their networks. Similarly, companies in the public sector such as healthcare, financial and manufacturing are under pressure to ensure that customer and patient information is secure when traveling across networks. To meet that need, many companies in these markets are implementing the same FIPS standard mandated by the U.S. government.

What is FIPS 140-2 Validation?

The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. The Cryptographic Module Validation Program (CMVP) is the accreditation program that validates cryptographic modules to this standard. The CMVP is a joint effort between the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the Government of Canada. Cryptographic Modules validated through the program are subjected to rigorous testing by independent, accredited Cryptographic Module Testing (CMT) laboratories.

EFT HSM with FIPS 140-2 Validation

With the High Security Module (HSM), customers can deploy Globalscape's EFT platform knowing the embedded Cryptographic Module has met the highest possible security standards. This ensures that your file transfers are protected by best-in-class security.

HSM comes with a built-in FIPS 140-2 Validated cryptographic library to provide secure transfer of information. This enhanced version of EFT uses the validated cryptographic library to ensure that it operates using only FIPS-approved algorithms for encryption of transferred data when using FTP over SSL (FTPS), HTTP over SSL (HTTPS), and SFTP (SSH2).

When EFT is started, a series of startup tests, including Known Answer Tests (KAT) and library-integrity checks, determine whether the HSM is initialized successfully. If the HSM is not initialized successfully, encryption services are disabled and the transfer of sensitive data is prevented.

For more details refer to the Globalscape Validation Certificate # 908 and the Cryptographic Module Validation Program website.